Privacy Policy
Last updated: December 8, 2025
This Privacy Policy explains how Arlo ("we", "our", "us") collects, uses, discloses, and protects personal information when you use our website and services at arlo.to ("Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.
Information We Collect
Waitlist and Application Information
When you sign up for our waitlist or submit a visa application request, we collect:
- Email address
- Destination country (where you plan to travel)
- Passport country (country that issued your passport)
- Travel date
- Applying from country (country where you are applying from)
Usage and Device Data
Collected automatically when you use our website. Includes IP address, browser or device type, interaction data, and approximate location derived from IP.
Cookies and Tracking
We use cookies and similar technologies to operate the Service, remember preferences, and analyze performance. You can manage preferences through your browser settings.
How We Use Information
We process personal information to:
- deliver and operate the Service
- process and manage your waitlist application and visa application requests
- contact you about your waitlist status, beta access availability, and service updates (when you have willingly signed up for our waitlist)
- provide customer support
- improve platform performance and features
- maintain safety and prevent fraud
Legal Bases for Processing (GDPR and UK GDPR)
We process personal information only when a legal basis applies:
- consent when you voluntarily provide information to join our waitlist or use our services
- contractual necessity such as processing your visa application request
- legitimate interests such as improving the Service in ways that do not negatively impact your rights
- legal obligations when required by applicable laws
Data Sharing and Third Parties
We share data only with trusted service providers that assist in hosting, data storage, analytics, and artificial intelligence services. They are permitted to use the data only for the services we request.
We do not sell personal information.
Data Management
Data Transfers
If you are located in the EU or UK, your personal information may be transferred to countries with different data protection standards including the United States. We use safeguards such as Standard Contractual Clauses when required.
Data Retention
We retain personal information while your account is active and for a reasonable period afterward to maintain records and comply with legal requirements. You can request deletion at any time unless retention is required by law.
Your Rights
Users in the EU and UK
You have rights to:
- access your personal information
- request correction or deletion
- withdraw consent at any time
- restrict or object to processing in certain cases
- data portability
To exercise these rights, contact us using the email below.
California Residents
Under the CCPA/CPRA you have rights to:
- know what categories of information are collected
- request access to specific pieces of data
- request deletion of personal information
- request correction of inaccurate data
- request information about data disclosure to third parties
- opt out of the sale or sharing of personal information if applicable
We do not sell personal information.
You may designate an authorized agent to submit requests on your behalf.
Children's Privacy
The Service is not intended for users under 18 and we do not knowingly collect information from minors.
Security
Data is stored on Convex infrastructure with technical and organizational safeguards to protect against unauthorized access or loss.
Contact Us
For privacy questions or requests, contact: contact@arlo.to
Updates to This Policy
We may revise this Privacy Policy. Any changes will be posted with an updated date. Continued use of the Service indicates acceptance of the updated terms.